Technical Information
Malicious functions:
Creates and executes the following:
- '%TEMP%\taskmgr.exe'
- '%TEMP%\DEM1.exe' http://www.my##gex.com/fileshare/questions/explorer.exe
- '%TEMP%\taskmgr.exe' (downloaded from the Internet)
Modifies file system :
Creates the following files:
- %TEMP%\taskmgr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\explorer[1].exe
- %TEMP%\DEM1.exe
Network activity:
Connects to:
- 'www.my##gex.com':80
TCP:
HTTP GET requests:
- www.my##gex.com/fileshare/questions/explorer.exe
UDP:
- DNS ASK www.my##gex.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'